OJS OCS OMP OHS

You are viewing the PKP Support Forum | PKP Home Wiki



mod_security problem!!!

Are you responsible for making OJS work -- installing, upgrading, migrating or troubleshooting? Do you think you've found a bug? Post in this forum.

Moderators: jmacgreg, btbell, michael, bdgregg, barbarah, asmecher

Forum rules
What to do if you have a technical problem with OJS:

1. Search the forum. You can do this from the Advanced Search Page or from our Google Custom Search, which will search the entire PKP site. If you are encountering an error, we especially recommend searching the forum for said error.

2. Check the FAQ to see if your question or error has already been resolved.

3. Post a question, but please, only after trying the above two solutions. If it's a workflow or usability question you should probably post to the OJS Editorial Support and Discussion subforum; if you have a development question, try the OJS Development subforum.

mod_security problem!!!

Postby miguelbraga » Wed May 08, 2013 2:53 am

Dear support team,

One day ago i've found that my OJS Journal was being blocked (hence off-line) by mod_security.
My hosting company turned off mod_security for this domain but this is not the ideal cenario.

Can you help solve this issue?

Host/site:
iseki-food-ejournal.com

GET:
/ojs/index.php/e-journal/editor/moveIssue?id=12&nextId=8

ERROR:
406

ERROR MESSAGE:
Access denied with code 406 (phase 2). Match of "rx (^application/x-www-form-urlencoded|^multipart/form-data;|^text/xml).*$" against "REQUEST_HEADERS:Content-Type" required. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "13"] [id "90001"]


Regards,
Miguel Braga
miguelbraga
 
Posts: 10
Joined: Sun Oct 28, 2012 9:24 am

Re: mod_security problem!!!

Postby asmecher » Wed May 08, 2013 10:06 am

Hi Miguel,

I'm not particularly familiar with mod_security, but depending on your host's setup, you may be able to selectively disable the problem rule. See e.g.:http://lists.davical.org/pipermail/davical-users/2012q2/003588.html

Regards,
Alec Smecher
Public Knowledge Project Team
asmecher
 
Posts: 7710
Joined: Wed Aug 10, 2005 12:56 pm

Re: mod_security problem!!!

Postby jcb » Thu May 09, 2013 9:43 am

I had this problem.

Mod_security looks at url query strings for suspicious activity. OJS triggers a few false positives.

To correct it you will need to log in to WHM and disable the mod_security rule(s) that are getting tripped.

Another option would be to ask your hosting provider to turn off mod_security.

Yali Friedman, Ph.D.
thinkBiotech
http://www.thinkbiotech.com
jcb
 
Posts: 16
Joined: Fri May 20, 2011 12:05 pm
Location: http://CommercialBiotechnology.com

Re: mod_security problem!!!

Postby asmecher » Thu May 09, 2013 9:51 am

Hi Yali,

Thanks, that's a useful data point. We're not using or testing with mod_security over here, but it might be worthwhile for us to start after OJS 3.0 is released. (OJS 3.0 will represent a UI overhaul including heavier use of tools like JQuery, so there's little point in tweaking the system before that release comes out.)

Regards,
Alec Smecher
Public Knowledge Project Team
asmecher
 
Posts: 7710
Joined: Wed Aug 10, 2005 12:56 pm

Re: mod_security problem!!!

Postby miguelbraga » Tue May 28, 2013 9:00 am

Dear all,

Thank you for your replies, i've disabled mod_security and the Journal is working. I look forward to OJS 3.0!
Alec if you need my help to theming OJS please ask, i would love to contribute; take a look to this UI: http://www.iseki-food-ejournal.com/ejou ... /e-journal.
If you feel that i might be an asset give me a buzz!

Regards,
Miguel
miguelbraga
 
Posts: 10
Joined: Sun Oct 28, 2012 9:24 am

Re: mod_security problem!!!

Postby asmecher » Tue May 28, 2013 9:17 am

Hi Miguel,

Congratulations, that's a very attractive bit of layout customization!

We've heard from a few users who are interested in working with theming and design changes around OJS (e.g. using the Bootstrap CSS framework). We'll be doing an alpha release (we may end up calling it a technology preview) fairly soon, and will send out a message to interested parties to see if they would like to get a sneak peek at what OJS 3.0 will contain. I'll definitely include you in that list.

Regards,
Alec Smecher
Public Knowledge Project Team
asmecher
 
Posts: 7710
Joined: Wed Aug 10, 2005 12:56 pm

Re: mod_security problem!!!

Postby miguelbraga » Thu May 30, 2013 8:51 am

Hi Alec,

Thanks! Please count me in!
I'm still working on it, currently i'm trying to add a Jquery animation on the header.tpl, like the one that's on: http://www.iseki-food-ejournal.com/ejournal/.
Meanwhile i've came across another problem, Firefox is blocking OJS urls and giving me blank pages... i only happens using firefox. Do you have any idea why?
I'm on OSX and using firefox 21.0.

Regards,
Miguel Braga
miguelbraga
 
Posts: 10
Joined: Sun Oct 28, 2012 9:24 am

Re: mod_security problem!!!

Postby asmecher » Thu May 30, 2013 10:03 am

Hi Miguel,

Hmm, is there a message you're seeing from Firefox on the blocked pages? Are you using any Firefox plugins that might be causing this, e.g. ad blockers or something? (If there's a public URL, I could try viewing it with my installation of Firefox.)

Regards,
Alec Smecher
Public Knowledge Project Team
asmecher
 
Posts: 7710
Joined: Wed Aug 10, 2005 12:56 pm

Re: mod_security problem!!!

Postby miguelbraga » Thu May 30, 2013 11:38 am

Hi Alec,

Yeah there's a small message displayed on a slidding bar but it seams to be from firefox and not from a 3rd party plugin, this only happens after the blank page issue when i resfresh the page... i only have firebug installed.
The public address is http://www.iseki-food-ejournal.com/ejournal/, please let me know how your firefox behaves.

Many thanks,
Miguel
miguelbraga
 
Posts: 10
Joined: Sun Oct 28, 2012 9:24 am

Re: mod_security problem!!!

Postby miguelbraga » Thu May 30, 2013 11:43 am

Dear Alec,

I've figured out what happened. There's an option, in the latest version of Firefox for OSX that prevents URL redirect or auto-refresh, and was activated by default!
Everything seems to be working 100% now, i'm sorry :).

Best regards,
Miguel Braga
miguelbraga
 
Posts: 10
Joined: Sun Oct 28, 2012 9:24 am

Re: mod_security problem!!!

Postby asmecher » Thu May 30, 2013 12:46 pm

Hi Miguel,

That sounds like http://pkp.sfu.ca/bugzilla/show_bug.cgi?id=6670, which should be fixed in OJS 2.4.2. (The fix changed the way redirects were being sent.)

Regards,
Alec Smecher
Public Knowledge Project Team
asmecher
 
Posts: 7710
Joined: Wed Aug 10, 2005 12:56 pm

Re: mod_security problem!!!

Postby miguelbraga » Tue Jun 11, 2013 8:56 am

Hi Alec,

I've finished the ISEKI_Food E-Journal new UI under: http://www.iseki-food-ejournal.com/e-journal/.
I have a doubt about pre-loading "hover state" images on some sidebar elements; in header.tpl i applyed the following method but i had no luck:

<script type="text/javascript">
if (document.images) {
img1 = new Image();
img1.src = "images/ethics-btn-hover.png";
img2 = new Image();
img2.src = "images/newsubmission-btn-hover.png";
img3 = new Image();
img3.src = "images/images/advertise-hover.png";
img4 = new Image();
img4.src = "images/sponsor-hover.png";
}
</script>

How do you think i could achieve this?

Best regards,
Miguel
miguelbraga
 
Posts: 10
Joined: Sun Oct 28, 2012 9:24 am

Re: mod_security problem!!!

Postby asmecher » Tue Jun 11, 2013 9:25 am

Hi Miguel,

Smarty templates use { and } for their own syntax, so if you want to use Javascript in the templates, you'll need to escape those characters. Either change { and } for {ldelim} and {rdelim} respectively, or embed the whole block in a {literal}...{/literal} tag.

Regards,
Alec Smecher
Public Knowledge Project Team
asmecher
 
Posts: 7710
Joined: Wed Aug 10, 2005 12:56 pm


Return to OJS Technical Support

Who is online

Users browsing this forum: Google [Bot] and 2 guests